GASP! Shocking news (not) from Yahoo that there has been a massive data breach, with over 200 million user passwords and other personal details being sold on the ‘dark web’. Before I go into the things you should do in the event you are affected, or even if you just think you are, I think this would be a good time for me to say (write) these three words, ‘ZERO-KNOWLEDGE SYSTEMS’ (services that encrypt your data so that even the provider cannot read it). They are out there, they do exist and they are worth it.

Now, with that out of the way, there are some things you should do immediately if you feel you have been compromised.

Change your password: Pretty obvious, right? Yahoo says it will notify affected users, but this is a good time to change your password anyway, just in case.

Add or change your security questions: Be sure to add or change your security questions. Chances are that if the hacker in question got your password, they also got the answers to your security questions, and a security question is just another password that resets your real one.

Update other non-Yahoo accounts: If you have other accounts, like Facebook or Flickr, that use your Yahoo email address as a username, reuse the same password, or have the same or similar security questions, I would highly recommend that you change those immediately as well. Stolen password lists are routinely tried against every other popular site.

Password manager: Use a password manager like LastPass. It generates a unique, completely random password for every online account and stores them all in an encrypted database that can only be opened with a master password. That does two things for you: every password is different and random, so one breached site does not expose the others, and you can never forget any of them.
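To make the two properties above concrete, here is an added example (not code from the original post, and not how LastPass or any other product is implemented): passwords are drawn from the OS random number generator so each one is independent, and the whole vault is encrypted under keys stretched from the master password with PBKDF2, with an authentication tag checked before anything is decrypted. The site names and master password are constructed sample data. Because this sticks to the Python standard library, the cipher is HMAC-SHA256 run in counter mode; a real password manager would use AES-GCM or ChaCha20-Poly1305 instead, and that substitution is an assumption of this example, not the page's.

```python
import hashlib
import hmac
import json
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation
PBKDF2_ITERATIONS = 600_000   # slow on purpose: every guess at the master password costs this much work
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32


def generate_password(length: int = 20) -> str:
    """Uniform random password drawn with the OS CSPRNG (secrets), never random.random()."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the master password into separate encryption and MAC keys."""
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                             PBKDF2_ITERATIONS, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stream cipher: a stdlib-only stand-in (assumption of
    this example) for AES-GCM / ChaCha20-Poly1305, which a real password manager would use."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt_vault(master_password: str, entries: dict) -> bytes:
    """Returns salt || nonce || ciphertext || tag, encrypt-then-MAC with independent keys."""
    salt, nonce = secrets.token_bytes(SALT_LEN), secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def decrypt_vault(master_password: str, blob: bytes) -> dict:
    """Verify the tag before touching the ciphertext: a wrong master password or any
    tampering fails here, so nothing partially decrypted is ever returned."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("vault blob too short")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or vault tampered with")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)


if __name__ == "__main__":
    sites = ["yahoo.com", "facebook.com", "flickr.com"]      # constructed sample accounts
    vault = {site: generate_password() for site in sites}    # one independent password each
    blob = encrypt_vault("correct horse battery staple", vault)
    print(decrypt_vault("correct horse battery staple", blob) == vault)
```

The point of the tag check is that an attacker who steals the vault file learns nothing without the master password, and the only thing they can do with it is run the slow PBKDF2 loop once per guess; that is why the master password has to be long and why the iteration count is set high.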

Now, most security experts and Yahoo itself will tell you to sign up for two-factor authentication, as it adds a layer of protection to your login process. However, I do not use two-factor authentication if it requires sending an SMS to my phone. Mobile devices are inherently insecure and can be “socially engineered out of your control” (a phone number can be moved to an attacker's SIM by talking the carrier into it), and SMS messages in particular are especially vulnerable. For this reason, I personally would say no to two-factor authentication IF it is provided through your mobile network. I am sure some will say that is bad advice, but I can't say I really care; I am speaking from experience here. There are other two-factor authentication types, for example an RSA token, that generate the code on the device itself, so nothing has to travel between two computers or over the mobile network. It is far more effective and secure, although it is also less convenient, which is why commercial services like Yahoo rarely offer it.

Again, let me just say that zero-knowledge systems, which offer end-to-end encryption, are the way to go. If Yahoo's email service had worked that way, the keys would never have been on Yahoo's servers, and whoever took the data would not have been able to read the contents of 200 million people's mailboxes. On that note, if you are interested in using a zero-knowledge email service, I would personally recommend Tutanota.